Overview

Affected versions of this package are vulnerable to Arbitrary Command Injection.
User input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.

Remediation

Upgrade github.com/kubernetes/kubernetes/pkg/util/mount to version 1.9.10, 1.10.6, 1.11.2 or higher.